CVE-2018-0500

moderate-risk

Published 2018-07-11

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Do I need to act?

1.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Curl

Ubuntu Linux

Affected Vendors

Canonical Haxx

References (12)

Third Party Advisory http://www.securitytracker.com/id/1041280

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2486

Exploit https://curl.haxx.se/docs/adv_2018-70a2.html

Patch https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628

Third Party Advisory https://security.gentoo.org/glsa/201807-04

Third Party Advisory https://usn.ubuntu.com/3710-1/

Third Party Advisory http://www.securitytracker.com/id/1041280

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2486

Exploit https://curl.haxx.se/docs/adv_2018-70a2.html

Patch https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628

Third Party Advisory https://security.gentoo.org/glsa/201807-04

Third Party Advisory https://usn.ubuntu.com/3710-1/

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 3/34 · Minimal

Exposure 9/34 · Low